summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2015-10-19netsniff-ng: nlmsg: Display raw data if family is unknownTobias Klauser1-0/+12
Currently we only support full dissection of RTNL netlink messages. For non-RTNL message we only print the header and omit the data. Change this behavior and print a full ascii/hex dump of the remaining data (like it is done in dissector_entry_point() for trailing data after all known protocols have been processed) to give the user a chance to still inspect the message content. Reported-by: Geoff Ladwig <gladwig@verdantnetworks.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-19netsniff-ng: proto: Make raw hex/ascii print function globally availableTobias Klauser2-2/+4
Allow other dissectors to access the hex/ascii printing functions with a raw uint8_t* instead of only through struct pkt_buff. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-19netsniff-ng: nlmsg: Display "(none)" instead of "()" for zero flagsTobias Klauser1-2/+3
nl_nlmsg_flags2str() returns an empty string if the provided flags argument is 0. Check this condition and display "none" instead to make the output nicer to read. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-17netsniff-ng: Fix print stats in silent modeVadim Kochan1-6/+3
RX stats were not printed because of wrong check on PRINT_NONE. Fixes: 5f94671f31c040f ("netsniff-ng: Show total rx stats for multi pcap mode") Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-14trafgen: Move checking of dynamic packet elements to headerTobias Klauser3-8/+8
Move has_dynamic_elems() to to trafgen_conf.h, rename it to packet_dyn_has_elems() and use it to check whether dynamic packet elements are present. Also change the return type to bool and use || instead of + to potentially make use of short-circuit evaluation. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-14csum: Remove unnecessary memset in p4_csum()Tobias Klauser1-4/+3
No need to memset the IPv4 pseudo header to 0 as all its members will explicitly be set. Also reorder the setting of the pseudo header to match the order of the fields. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-13trafgen: Change signature of compile_packets() to match provided typesTobias Klauser2-2/+2
Match two arguments to the respective types provided in its only caller in trafgen.c:main_loop() Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-13trafgen: Don't panic() on parser errorsTobias Klauser2-10/+19
If the C preprocessor is used to parse the packet description, a temporary file is created which is not deleted if an error occurs during parsing in compile_packets(). Instead, don't panic() on errors and only print a message, and only die() once we cleaned up after us. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-13trafgen: Make xmit_packet_precheck() return voidTobias Klauser1-6/+3
The return value of xmit_packet_precheck() is always 0 and it calls panic() in any error cases, so its return value isn't of any use. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-13conf: oui: update oui.confTobias Klauser1-1755/+2390
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-13oui-update: Explicitly sort OUI list and strip trailing whitespacesTobias Klauser1-5/+9
It looks like http://standards-oui.ieee.org/oui.txt is no longer sorted by OUI, so do in manually when creating oui.conf. Also, it looks like the file has been converted to use CRLF line endings, so strip those as well (and any other trailing whitespaces in the vendor name). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-13trafgen: Add checksum helpers for TCP/UDP over IPv6Tobias Klauser7-6/+71
Add the csumudp6 and csumtcp6 helper functions in order to simplify checksum generation for TCP/UDP packets sent over IPv6. trafgen example for TCP over IPv6: { /* MAC Destination */ fill(0xff, 6), /* MAC Source */ 0x00, 0x02, 0xb3, drnd(3), /* IPv6 Protocol */ c16(0x86DD), /* Version, Traffic Class, Flow Label */ 0b01100000, c8(0), c16(0), /* Payload Length */ c16(54), /* Next Header (TCP) */ c8(6), /* Hop Limit */ c8(64), /* Source IPv6 */ 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xba, 0xac, 0x6f, 0xff, 0xfe, 0xa4, 0x12, 0xe3, /* Destination IPv6 */ 0xfe, 0x80, 0x82, 0x2e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xde, 0xff, 0xfe, 0x00, 0x06, 0xde, /* TCP Source Port */ c16(55042), /* TCP Destination Port */ c16(55043), /* TCP Sequence Number */ drnd(4), /* TCP Ackn. Number */ c32(0), /* TCP Header length + TCP SYN/ECN Flag */ c16((8 << 12) | (1 << 1) | (1 << 6)) /* Window Size */ c16(16), /* TCP Checksum (offset IPv6, offset TCP) */ csumtcp6(14, 54), /* TCP Options */ 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x06, 0x91, 0x68, 0x7d, 0x06, 0x91, 0x68, 0x6f, /* Data blob */ "foobar!", } Suggested-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-13trafgen: Adjust syntax error messageTobias Klauser1-1/+1
Make it more readable. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-24man: Correct some typos found using codespellTobias Klauser2-3/+3
s/auxillary/auxiliary/ s/noone/no one/ s/todays/today's/ Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-24all: Fix some typos in comments and printed stringsTobias Klauser4-4/+4
All found using codespell. s/addres/address/ s/noone/no one/ s/endianess/endianness/ s/Successfull/Successful/ Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-15netsniff-ng: nlmsg: mmaped packet checkKen-ichirou MATSUZAWA1-2/+13
The size of mmaped netlink packet is equals to its frame size, so may be different from actual size. It can be checked by the next nlmsg len is 0 or not, and trim it in that case. Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-15netsniff-ng: nlmsg: update pull sizeKen-ichirou MATSUZAWA1-4/+4
It would be better to use NLMSG_HDRLEN instead of sizeof(*hdr) and not to use NLMSG_PAYLOAD to get payload length, I think. Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-10dissector: make netlink directions a bit more readableDaniel Borkmann1-2/+2
Display them as K->U resp. U->K. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-09-07curvetun: Don't attempt to close negative file descriptorTobias Klauser1-1/+1
Complete fix for Coverity issue CID 991822, commit 047d69c4e ("curvetun: Fix issues detected by the Coverity scanner") only fixed one instance of this issue. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-07curvetun: Fix issues detected by the Coverity scannerTobias Klauser2-5/+12
Fix two issues detected by the Coverity scanner (CID 991819 & CID 991822) Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-07flowtop: Don't attempt to set sysctl values if initial read failsTobias Klauser1-0/+2
Bail out early if we fail to read the current sysctl variable values for net/netfilter/nf_conntrack_acct and net/netfilter/nf_conntrack_timestamp Otherwise we'll not be able restore the previous value on exit/panic. Moreover, if we fail to read the sysctl file, we usually also lack the permissions to write it. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-04flowtop: man: Fix small typo of timestampinfVadim Kochan1-1/+1
Fix typo timestampinf -> timestamping Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-03flowtop: man: Add notes about flow duration timeVadim Kochan1-0/+11
Add short info about timestamping enabling & connection duration time feature. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Minor rewordings] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-03flowtop: Enable flow timestamp on startVadim Kochan1-9/+36
Allow setting start/stop timestamp for new flows by enabling: /proc/sys/net/netfilter/nf_conntrack_timestamp on start and resetting it on exit or panic. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Remove unnecessary cast of void pointer] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-03flowtop: Show flow time durationTobias Klauser1-0/+33
Show flow time duration in human readable form. Originally submitted by Vadim in a slightly different form. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-25doc: Rename BUILD to README.devel and add information about CoverityTobias Klauser2-4/+12
Don't spread the information over too many documents, this is a first step to consolidate them a bit. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-25netsniff-ng: Show total rx stats for multi pcap modeVadim Kochan3-66/+77
Allow to collect rx stats for multiple pcap mode, by storing them in separated variables before switch to the next pcap file. It allows to have the one approach when dump for single or multiple pcap(s) mode. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-24netsniff-ng: Use correct flag to check tpacket uhdr validityTobias Klauser1-4/+3
When fixing up a build error introduced by commit 579e8524 ("netsniff-ng: vlan: Show vlan info from tpacket v3"), the used definitions got mixed up and TP_STATUS_VLAN_TPID_VALID ended up not being checked at all. Fix this up and make the code a bit easier to read Fixes: 3384ee71 ("netsniff-ng: ring: Fix build if tp_vlan_tpid is not available in kernel header") Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-19build: Only use tput if $TERM is definedTobias Klauser1-2/+7
Otherwise we clutter the build log with warnings such as: tput: No value for $TERM and no -T specified on head-less CI/build systems (e.g. Debian's buildd). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-19build: Don't strip generated binariesTobias Klauser3-17/+0
Except for some minor saving in disk space, stripping the binaries doesn't bring any benefits and it might prevent us from getting usable debugging information even from binaries build with DEBUG not set. Most distributions will strip the binaries as part of their packaging process anyhow. If someone really wants stripped binaries as a result of the netsniff-ng build, they could still add '-s' to CFLAGS or call strip manually. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-19netsniff-ng: proto_ipv4: Fix typo in commentTobias Klauser1-1/+1
s/coul/could/ Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-19build: configure: Prepend $SYSROOT to NACL_{INC,LIB}_DIRTobias Klauser1-2/+2
Otherwise nacl will not get picked up when cross-compiling. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-19build: configure: Properly encapsulate stringsTobias Klauser1-3/+3
This fixes the following errors when running configure e.g. inside the OpenEmbedded environment: ./configure: line 23: [: too many arguments ./configure: line 24: [: i586-oe-linux-ld: binary operator expected Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-17netsniff-ng: ring: Fix build if tp_vlan_tpid is not available in kernel headerTobias Klauser1-2/+8
The tp_vlan_tpid member of struct tpacket_auxdata was only added in kernel commit a0cdfcf39362 ("packet: deliver VLAN TPID to userspace"). Support building netsniff-ng also against kernel headers from earlier versions. Fixes: 579e8524 ("netsniff-ng: vlan: Show vlan info from tpacket v3") Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-17netsniff-ng: vlan: Show vlan info from tpacket v3Vadim Kochan2-0/+36
Show vlan info (vid, prio & proto) from tpacket struct, in separated line. It might be useful to sniff it in case if vlan reordering is on (which is by default) and physical (vlan underlying) device supports vlan offloading. Meanwhile it uses only v3 tpacket info as location of vlan fields are different between v2 & v3 (v1 does not have it at all), but current code only has possibility to check if v3 is used which is not enough. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [ tk: make print format consistent with VLAN dissector ] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-17netsniff-ng: vlan: Use helpers when parse vlan headerVadim Kochan2-3/+31
Add proto_vlan.h with helpers to parse VLAN fields. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-10AUTHORS: Update contributor list and sort it alphabeticallyTobias Klauser1-17/+22
Add some people to the minor contributors list who were previously missing. Also sort the list alphabetically to make it easier to keep the list up to date. Also move Vadim one position up in the major contributors list according to the current commit count. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-07flowtop: Simplify nfct_is_dns()Tobias Klauser1-13/+8
Instead of creating an additional struct flow_entry on the stack just to use the CP_NFCT macros, call nfct_get_attr_u16() directly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-07flowtop: Remove tprintf.o from object dependenciesTobias Klauser1-1/+0
The tprintf module isn't used in flowtop, no need to link it in. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-06zsh: netsniff-ng: Add completetion for --cookedTobias Klauser1-0/+1
Commit da8fcdd7 ("netsniff-ng: Add cooked cmdline option.") added the -w/--cooked command line option but didn't add it to the zsh completition. Do so now. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-06flowtop: Show counters in same color as their directionVadim Kochan1-20/+22
Show byte/packet counters in the same colors as their direction: - src in red - dst in blue so it will be easiser to identify them by direction. Also unifed counters printing in one function and changed counters naming similar to other *_src members of flow_entry struct. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Reverted to using parentheses in printed message] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-06build: travis: Switch from legacy to container based travis buildsTobias Klauser1-3/+13
We should get faster builds by using their new infrastructure. Reference: http://docs.travis-ci.com/user/migrating-from-legacy/ Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-05build: curvetun: link against sysctl.oTobias Geerinckx-Rice1-0/+1
Fixes curvetun build failure due to undefined reference to sysctl_get_int in sock.o. [...] LD curvetun curvetun/sock.o: In function `set_system_socket_mem.part.0': sock.c:(.text+0xc0): undefined reference to `sysctl_set_int' curvetun/sock.o: In function `set_system_socket_memory': sock.c:(.text+0x4dd): undefined reference to `sysctl_get_int' sock.c:(.text+0x505): undefined reference to `sysctl_get_int' sock.c:(.text+0x52e): undefined reference to `sysctl_get_int' sock.c:(.text+0x54f): undefined reference to `sysctl_get_int' collect2: error: ld returned 1 exit status Signed-off-by: Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-04flowtop: Do not insert DNS flows into listVadim Kochan1-9/+20
Just ignore DNS flows instead of insert it and then filter it out by presenter. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-04flowtop: Resolve src host if '-s' option specifiedVadim Kochan1-2/+4
Do not do reverse DNS for src hostname if '-s' option is not specified. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-04flowtop: Don't hide status bar while dumping flowsVadim Kochan1-15/+12
Don't hide status bar line when dumping flows but print "[Collecting flows ...]" on the same line. Really there is no sense to hide this status bar line. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03netsniff-ng: Do not tune socket memory in pcap read-only modeVadim Kochan1-0/+1
If a non-privileged user opens a pcap file then netsniff-ng tries to setup socket memory which causes warnings about failing because of permissions. So don't tune socket memory in pcap-read-only mode. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03man: flowtop: Add notes about enabling traffic accountingVadim Kochan1-2/+18
Add some explanation about traffic counters enabling via sysctl and its limitation. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Reword some sentences] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03flowtop: Show counters by directionVadim Kochan1-15/+25
Show bytes/pkts counters per src/dst direction. By default counters originated from dst are showed. Src counters are showed only if '-s' is specified. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03flowtop: Get rid of flushing flows by dumping ipv4/ipv6 tablesVadim Kochan1-30/+122
Get rid of flushing connections which resets all counters. Use dump whole ipv4/ipv6 connection tables to fullfill the existing flows, but this needs to use hand-made flow filtering because nfct_filter does not work when we do NFCT_Q_DUMP. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>